Communication apparatus, communication method, and computer program product

ABSTRACT

According to an embodiment, a communication apparatus includes a receiver, a first beacon processor, a second beacon processor, and an authentication processor. The receiver receives a first beacon transmitted over a wireless network while being protected by a first common key and a second beacon transmitted over the wireless network while not being protected by the first common key. The first beacon processor accesses the wireless network using information contained in the first beacon when the first common key is provided. The second beacon processor accesses the wireless network using information contained in the second beacon when the first common key is not provided. The authentication processor performs connection authentication to the wireless network using information contained in the second beacon and acquires the first common key.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of PCT international application Ser.No. PCT/JP2014/053544 filed on Feb. 14, 2014 which designates the UnitedStates; the entire contents of which are incorporated herein byreference.

FIELD

Embodiments described herein relate generally to a communicationapparatus, a communication method, and a computer program product.

BACKGROUND

In IEEE 802.15.4e-2012, a wireless mesh network communication standardusing Time-Slotted Channel Hopping (TSCH) Media Access Control (MAC) hasbeen proposed. In this standard, at the time of initial connection of anode to an object network, connection authentication is performed toacquire a MAC layer cryptographic key used in the object network. Forthe connection authentication, a 128-bit common key unique to the objectnetwork called a “join key” is used, and only a node having the join keysucceeds in the connection authentication. If a node does not have thejoin key to the object network, a procedure called “over-the-air (OTA)provisioning” that dynamically distributes the join key is executed onan exclusive network called a provisioning network.

The provisioning network uses the same MAC layer and physical layer asthose of the object network, and is generally constructed such thatwireless coverage of the provisioning network and wireless coverage ofthe object network to overlap with each other in order to achieveon-site join key acquisition. For connection authentication to theprovisioning network, a 128-bit common key called a default join key oran open join key is used.

The value of the default join key is a fixed value opened in accordancewith a standard, and the value of the open join key is a closed fixedvalue set in a node in advance. When a certain node succeeds in theconnection authentication to the provisioning network, the join key tothe object network is encrypted with a public key of this node and isdistributed. This node decrypts the join key with a secret keycorresponding to the public key of the node itself, thereby acquiringthe join key.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of a configuration example of an object network in awireless communication system according to a first embodiment;

FIG. 2 is a diagram of a configuration example of a node according tothe first embodiment;

FIG. 3 is a flowchart of communication control processing in the firstembodiment;

FIG. 4 is a diagram of transmission timing of a second beacon accordingto the first embodiment;

FIG. 5 is a diagram of the transmission timing of the second beaconaccording to the first embodiment;

FIG. 6 is a diagram of a hopping sequence used in TSCH MAC;

FIG. 7 is a diagram of a slotframe used in TSCH MAC;

FIG. 8 is a diagram of an example of a format of an EB;

FIG. 9 is a diagram of a format of an Auxiliary Security Header field;

FIG. 10 is a diagram of a format of a Security Control field;

FIG. 11 is a diagram of a format of a payload part of “TSCHSynchronization IE”;

FIG. 12 is a diagram of a format of a payload part of “TSCH Slotframeand Link IE”;

FIG. 13 is a diagram of a format of a payload part of “TSCH TimeslotIE”;

FIG. 14 is a diagram of a format of a payload part of “Channel HoppingIE”;

FIG. 15 is a diagram of an operation example when both a first beaconand the second beacon distribute the same TSCH MAC control information;

FIG. 16 is a diagram of an operation example when the second beacon doesnot contain information required only for a connected node;

FIG. 17 is a diagram of a configuration example in which the secondbeacon is encrypted with a public key or a secret key;

FIG. 18 is a diagram of a configuration example of a node according to asecond embodiment;

FIG. 19 is a diagram of a format of a beacon used in the secondembodiment; and

FIG. 20 is a hardware configuration diagram of a communication apparatusaccording to the first or second embodiment.

DETAILED DESCRIPTION

According to an embodiment, a communication apparatus includes areceiver, a first beacon processor, a second beacon processor, and anauthentication processor. The receiver receives a first beacontransmitted over a wireless network while being protected by a firstcommon key and a second beacon transmitted over the wireless networkwhile not being protected by the first common key. The first beaconprocessor accesses the wireless network using information contained inthe first beacon when the first common key is provided. The secondbeacon processor accesses the wireless network using informationcontained in the second beacon when the first common key is notprovided. The authentication processor performs connectionauthentication to the wireless network using information contained inthe second beacon and acquires the first common key.

Embodiments will be described in detail with reference to the attacheddrawings.

First Embodiment

A wireless communication system according to a first embodiment usesboth two kinds of beacons (a first beacon and a second beacon) protectedwith different security levels or different pieces of key informationfor a node (communication apparatus) already connected to an objectwireless network (an object network) and a node unconnected thereto.With this configuration, connection authentication for the unconnectednode can be performed while providing the safety of communication forthe already-connected node without requiring a provisioning network.

The protection is processing containing at least one of encryption usinga cryptographic key and addition of message authentication information,for example. The cancellation of the protection is processing containingat least one of decryption of an encrypted message and verification ofthe message authentication information, for example. The followingmainly describes a case in which the encryption is used as theprotection as an example. The message authentication information may bea message authentication code calculated using common key cryptographyor may be a digital signature calculated using public key cryptography.

The second beacon is not necessarily encrypted. The second beacon may beencrypted with a cryptographic key (a second common key) different froma cryptographic key used for the encryption of the first beacon. Thesecond cryptographic key may be a common key, a reliable public key, ora secret key corresponding to a public key with a digital signature of areliable certification authority affixed.

The object network may be a wireless network using IEEE 802.15.4e-2012TSCH MAC and may use a link that is a Shared Tx link and an Rx link forconnection authentication.

The applicable network is not limited to the above example. For example,it is applicable to a network with a wireless LAN standard such asWireless Fidelity (Wi-Fi). The link for use in the connectionauthentication is not limited to the above example and may be any linkso long as it can be used by an unauthenticated node. The communicationapparatus (node) may be any apparatus so long as it enables wirelesscommunication. The communication apparatus may be implemented as a smartmeter, a sensor, or a home appliance having wireless communicationfunctionality, for example.

The first beacon and the second beacon may be periodically transmittedwith a certain mixed ratio maintained (a periodic beacon). In thissituation, the mixed ratio between the first beacon and the secondbeacon may be changed dynamically in accordance with the number ofconnected nodes. The second beacon may be transmitted as a response uponreception of a beacon transmission request (an on-demand beacon). Theperiodic beacon and the on-demand beacon can coexist.

The second beacon does not necessarily contain information required onlyfor the node connected to the object network.

FIG. 1 is a diagram of a configuration example of the object network inthe wireless communication system according to the first embodiment. Asillustrated in FIG. 1, in the wireless communication system according tothe present embodiment, nodes 101 to 106 as communication apparatusesare connected with each other with links 107 to 112 as bidirectionalwireless links between two nodes.

The node 101 and the node 102 are connected with each other with thelink 107. The node 101 and the node 103 are connected with each otherwith the link 108. The node 101 and the node 104 are connected with eachother with the link 109. The node 102 and the node 105 are connectedwith each other with the link 110. The node 102 and the node 106 areconnected with each other with the link 111. The node 103 and the node106 are connected with each other with the link 112.

The node 101 is assumed to be a coordinator of the object network, forexample. The beacons (the first beacon and the second beacon) can betransmitted from each of these nodes. The nodes can have a similarconfiguration. The following may refer to the nodes 101 to 106 as a node100 if they do not need to be distinguished from each other.

FIG. 2 is a diagram of a configuration example of the node 100 accordingto the first embodiment. As illustrated in FIG. 2, the node 100 includesa receiver 201, a first beacon processor 202, a second beacon processor203, and an authentication processor 204.

The receiver 201 receives various kinds of information from an externalapparatus such as another node. The receiver 201 receives the beaconstransmitted over the object network, for example. In the presentembodiment, the first beacon and the second beacon are transmitted overthe object network. The first beacon is a beacon transmitted over theobject network while being encrypted with a cryptographic key for thefirst beacon (a first common key). The second beacon is a beacontransmitted over the object network while not being encrypted with thecryptographic key for the first beacon.

The first beacon processor 202 accesses the object network usinginformation contained in the first beacon when the cryptographic key forthe first beacon has already been obtained. The second beacon processor203 accesses the object network using information contained in thesecond beacon when the cryptographic key for the first beacon has notbeen obtained.

The authentication processor 204 performs connection authentication tothe object network using information contained in the second beacon andacquires the cryptographic key for the first beacon. The authenticationprocessor 204 receives MAC control information required for accessingthe object network (hereinafter, referred to as MAC control information)from the second beacon processor 203 and outputs the cryptographic keyfor the first beacon to the first beacon processor 202 when succeedingin the connection authentication, for example. The output cryptographickey for the first beacon may be stored in a storage (not illustrated)such as a random access memory (RAM).

Although any authentication protocol can be used by the authenticationprocessor 204, Protocol for carrying Authentication for Network Access(PANA) prescribed in RFC 5191, IEEE 802.1X, and HIP-DEX or the like canbe used as a connection authentication protocol, for example.

The first beacon processor 202 decrypts the first beacon encrypted usingthe cryptographic key for the first beacon input from the authenticationprocessor 204.

When the node 100 is a relay node, the first beacon processor 202 andthe second beacon processor 203 may have functionality (transmitters) totransmit the first beacon and the second beacon, respectively. AlthoughFIG. 2 illustrates the components used mainly for the processing of theMAC control information, the node 100 may include any component thatexecutes any functionality other than this.

The units (the receiver, the first beacon processor, the second beaconprocessor, the authentication processor, and the like) of the node 100may be implemented by causing a processor such as a central processor(CPU) to execute a computer program, that is, by software, implementedby hardware such as an integrated circuit (IC), or implemented by bothusing software and hardware, for example.

Next, the following describes communication control processing by thethus configured node 100 according to the first embodiment withreference to FIG. 3. FIG. 3 is a flowchart of the entire procedure ofthe communication control processing in the first embodiment.

FIG. 3 illustrates an example of a case in which both the first beaconand the second beacon are encrypted. FIG. 3 is processing performed whena MAC frame is received, for example.

Upon reception of the MAC frame, the receiver 201 determines whether aframe type of the received MAC frame is a beacon (Step S301). If theframe type is not the beacon (No at Step S301), the processing ends.Although omitted in FIG. 3, for a frame type other than the beacon (anassociation request, an association response, an ACK, or a beaconrequest, for example), processing appropriate for each of the frametypes is executed.

If the frame type is the beacon (Yes at Step S301), the receiver 201determines whether the first beacon has been received (Step S302).Whether the frame type is the first beacon can be determined by framecontrol information (details of which will be described below) such asSecurity Enabled, for example.

If the first beacon has been received (Yes at Step S302), the firstbeacon processor 202 determines whether the cryptographic key for thefirst beacon is present (Step S303). The first beacon processor 202determines that the cryptographic key for the first beacon is presentwhen the connection authentication has already been performed and thecryptographic key for the first beacon is stored in the storage or thelike, for example.

If the cryptographic key for the first beacon is present (Yes at StepS303), the first beacon processor 202 decrypts the first beacon (Step3304). The first beacon processor 202 acquires the MAC controlinformation from the decrypted first beacon (Step S305) and ends theprocessing. If the cryptographic key for the first beacon is absent (Noat Step S303), the first beacon processor 202 ends the processing.

If the first beacon has not been received, that is, if the second beaconhas been received (No at Step 3302), the second beacon processor 203determines whether the cryptographic key for the first beacon is present(Step S306). If the cryptographic key for the first beacon is notprovided (No at Step S306), the second beacon processor 203 decrypts thesecond beacon (Step 307). If the second beacon is not encrypted, StepS307 is omitted. The second beacon processor 203 acquires the MACcontrol information from the decrypted second beacon (Step S308).

If the cryptographic key for the first beacon is provided (Yes at StepS306), the second beacon processor 203 ends the processing. This isbecause if the cryptographic key for the first beacon has already beenprovided, there is no need to execute the connection authentication.

The authentication processor 204 determines whether the connectionauthentication has been performed between the node 100 and a node as abeacon transmission source (Step S309). If the connection authenticationhas been performed (Yes at Step S309), the authentication processor 204ends the processing. If the connection authentication has not beenperformed (No at Step S309), the authentication processor 204 starts theconnection authentication between it and the node as the beacontransmission source (Step S310).

FIG. 4 and FIG. 5 are diagrams of transmission timing of the secondbeacon received by the node 100 according to the first embodiment. FIG.4 is an example when the beacons are periodically transmitted. FIG. 5 isan example when the second beacon is transmitted as the on-demandbeacon.

Beacons 401 and 402 in FIG. 4 indicate the first beacon and the secondbeacon, respectively. Either the beacon 401 or the beacon 402 istransmitted at constant time intervals T. In FIG. 4, the beacon 401 andthe beacon 402 are transmitted so that the mixed ratio between thebeacon 401 and the beacon 402 will be 4:1.

The mixed ratio between the first beacon and the second beacon may bechanged dynamically in accordance with the number of the connectednodes, for example. The mixed ratio between the first beacon and thesecond beacon may be set so as to transmit the second beacon alone ifthe number of the connected nodes is zero, to transmit the first beaconalone if the number of the connected nodes reaches a maximum connectablenumber, and to be proportional to the number of the connected nodesotherwise, for example.

Beacons 501 and 502 in FIG. 5 indicate a second beacon transmissionrequest and the second beacon transmitted in response to the secondbeacon transmission request, respectively. The node 100 transmits thebeacon 501 in a broadcast manner and receives the beacon 502 as aresponse thereof, for example.

The following describes a configuration example when the object networkis a wireless mesh network using IEEE 802.15.4e-2012 TSCH MAC.

In TSCH MAC, a time axis is divided into timeslots with a constantlength. In each of the timeslots, a maximum of one MAC frame (except anACK frame) is transmitted, and a maximum of one ACK frame is thentransmitted from a node that has received this frame as a receiptconfirmation.

Each of the timeslots is identified by a 5-octet nonnegative integercalled an absolute slot number (ASN) that is created by a coordinatorand is propagated through the object network. The ASN is broadcast usingan enhanced beacon (EB). The EB is transmitted in a unicast manner as aresponse to an enhanced beacon request (EBR).

In the present embodiment, the EB is used as the first beacon and thesecond beacon. In a certain timeslot, a channel CH for use in thetransmission or reception of the MAC frame is defined as the followingequation (1) by an array called a hopping sequence list (HSL) withchannel numbers as array elements, the ASN of the timeslot, and achannel offset (CO), with L as the number of the array elements of theHSL:

CH=HSL[(ASN+CO)mod L]  (1)

A timeslot to which a channel used for communication with acommunication node as an EB transmission source is allocated is called alink. The type of the link includes a transmission link (a Tx link), ashared transmission link (a Shared Tx link), and a reception link (an Rxlink).

In the present embodiment, the Tx link is assumed to be a link that onlya specific node 100 can use for transmission. The Shared Tx link isassumed to be a link that multiple nodes 100 can use for transmission.The Rx link is assumed to be a link that the multiple nodes 100 can usefor transmission and reception when combined with the Shared Tx and thata specific node or multiple nodes 100 can use for reception when usedsingly. The EB is transmitted on the Rx link. In the present embodiment,the connection authentication is performed using a link that is theShared Tx link and the Rx link.

In the same timeslot, different COs are used, whereby a plurality oflinks having different channels can be present.

In FIG. 6, the horizontal axis indicates “ASN mod L,” whereas thevertical axis indicates a channel. An origin is on the left end of thehorizontal axis and the upper end of the vertical axis. A pattern 601indicates a channel hopping pattern when CO=1. A pattern 602 indicates achannel hopping pattern when CO=0. The pattern 602 is given by HSL[0]=3, HSL [1]=5, HSL (2)=1, HSL [3]=4, HSL [4]=2, HSL [5]=7, HSL [6]=0,and HSL [7]=6, for example.

FIG. 7 is s schematic diagram of an example of a slotframe used in IEEE802.15.4e-2012 TSCH MAC. The slotframe is an array of a certain numberof timeslots. The number of timeslots within the slotframe is called aslotframe size. The slotframe size can be set independent of the numberof array elements L of the hopping sequence list. The slotframe isrepeated with ASN=0 as a starting point and can dynamically begenerated, deleted, and changed.

FIG. 7 is an arrangement of a slotframe with a slotframe size of 3 onthe time axis. The ith (0≦i<slotframe size) timeslot within theslotframe is defined as TSi. In FIG. 7, TS0 is a timeslot of the Txlink, TS1 is a timesslot of the Rx link, and TS2 is a timeslot with nolink allocated.

A plurality of slotframes with different slotframe sizes can coexist inone object network. Each of the slotframes is identified by anonnegative integer called a slotframe handle. The node 100 can use theslotframes simultaneously. Note that, in each of the timeslots, aslotframe having the Tx link is preferentially used over a slotframehaving the Rx link, and a slotframe having a larger slot frame handle ispreferentially used.

FIG. 8 is a diagram of an example of a format of the EB serving as thefirst beacon and the second beacon in the present embodiment. The EBcontains a MAC header (MFR), a MAC payload (MAC Payload), and a MACfooter (MFR).

The MAC header contains “Frame Control,” “Sequence Number,” “AddressingFields,” “Auxiliary Security Header,” and zero or more “Header IEs(Information Elements).” The MAC footer contains an error detection code(FCS (Frame Check Sequence)). The MAC payload contains zero or more“Payload IEs” and “Beacon Payload.”

A Frame Control field contains the frame control information such asFrame Type and Security Enabled. A Security Number field contains asequence number of the EB. Addressing Fields contains a transmissionsource personal area network (PAN) identifier, a destination PANidentifier, a transmission source address, and a destination address.

FIG. 9 is a diagram of an example of a format of an Auxiliary SecurityHeader field prescribed in IEEE 802.15.4e-2012. The Auxiliary SecurityHeader field contains a Security Control field, Frame Counter, and KeyIdentifier.

If the EB is not encrypted, Security Enabled is set to 0, and theAuxiliary Security Header field may be omitted. If the EB is encrypted,the Auxiliary Security Header field is added, and encryption isperformed in the MAC payload part using the CCM* algorithm prescribed inIEEE 802.15.4-2011.

In the present embodiment, the Auxiliary Security Header field is usedfor the first beacon, and if the second beacon is not encrypted, theAuxiliary Security Header field of the second beacon is omitted, forexample. If the second beacon is encrypted, the Auxiliary SecurityHeader field is used also for the second beacon, and Key Identifier ofthe second beacon has a value different from that of Key Identifier ofthe first beacon. In this case, different cryptographic keys are usedfor the encryption of the first beacon and the second beacon.

FIG. 10 is a diagram of an example of a format of a Security Controlfield prescribed in IEEE 802.15.4e-2012. The Security Control fieldcontains Security Level, Key Identifier Mode, Frame Counter Suppression,Frame Counter Size, and an unused part (Reserved). If the EB isencrypted, a non-zero value is set for Security Level. Key IdentifierMode may use any number defined in IEEE 802.15.4-2011. Frame CounterSuppression is set to a value of 1 in TSCH MAC. In this situation, aframe counter in the Auxiliary Security Header field is omitted, and theASN is used as the frame counter instead. The frame counter size is setto a value of 1 meaning 5 octets in TSCH MAC.

Header IE and Payload IE in FIG. 8 contain other pieces of MAC controlinformation. Beacon Payload contains additional data.

In TSCH MAC, among Payload IEs, “TSCH Synchronization IE,” “TSCHSlotframe and Link IE,” “TSCH Timeslot IE,” and “Channel Hopping IE” ofthe MLME group are used. The node 100 performs synchronization withrespect to the timeslot and channel on the object network using theseInformation Elements (IEs). Concerning “TSCH Synchronization IE,” “TSCHSlotframe and Link IE,” and “Channel Hopping IE” among these IEs, oneshaving different contents among the respective nodes 100 may betransmitted.

FIG. 11 is a diagram of an example of a format of a payload part of“TSCH Synchronization IE” defined in IEEE 802.15.4e-2012. The “TSCHSynchronization IE” payload contains the ASN and “Join Priority.”

FIG. 12 is a diagram of an example of a format of a payload part of“TSCH Slotframe and Link IE” defined in IEEE 802.15.4e-2012. The “TSCHSlotframe and Link IE” payload contains Number of Slotframes and“Slotframe and link information.” “Slotframe and link information”contains Slotframe Handle, Slotframe Size, Number of Links, and LinkInformation for each of the slotframes. Link Information containsTimeslot, Channel Offset, and Link Options. Link Options containsinformation such as the type of the link.

FIG. 13 is a diagram of an example of a format of a payload part of“TSCH Timeslot IE” defined in IEEE 802.15.4e-2012. The “TSCH TimeslotIE” payload includes Timeslot Template ID and a frametransmission/reception control parameter set 1301. The frametransmission/reception control parameter set 1301 includes a pluralityof frame transmission/reception control parameters as illustrated inFIG. 13. The frame transmission/reception control parameter set 1301 canbe omitted. If omitted, the frame transmission/reception controlparameter set is set in an out-of-band manner.

FIG. 14 is a diagram of an example of a format of a payload part of“Channel Hopping IE” defined in IEEE 802.15.4e-2012. The “ChannelHopping IE” payload contains Hopping Sequence ID and a channel hoppingparameter set 1401. The channel hopping parameter set 1401 containsinformation such as Number of Channels and Hopping sequence list. Thechannel hopping parameter set 1401 can be omitted. If omitted, thechannel hopping parameter set 1401 is set in an out-of-band manner.

FIG. 15 is a diagram of an operation example when both the first beaconand the second beacon use the EB, and both the first beacon and thesecond beacon distribute the same TSCH MAC control information. FIG. 15is a diagram schematically illustrating the MAC control informationtransmitted by the EB. The node 100 that has received the EB may storetherein the MAC control information in a table format as illustrated inFIG. 15. FIG. 15 illustrates a case in which the EB is transmitted fromthe node 101 in FIG. 1. A table 1501 is a slotframe table, and a table1502 and a table 1503 are link tables.

In the table 1501, two slotframes with a slotframe handle value of 1 and2 are present. The slotframe size of the slotframe with the slotframehandle value 1 is 20, and the number of links thereof is 6. Theslotframe size of the slotframe with the slotframe handle value 2 is 40,and the number of links thereof is 2. The slotframe with the slotframehandle value 2 is higher in priority than the slotframe with theslotframe handle value 1.

The table 1502 is a link table for the slotframe with the slotframehandle value 1. The table 1503 is a link table for the slotframe withthe slotframe handle value 2. The left three columns of the table 1502and the table 1503 correspond to Link Information of “TSCH Slotframe andLink IE” (FIG. 12). “Detailed Allocation” on the rightmost columnindicates the node 100 to which a link is allocated for communicationwith the EB transmission source (the node 101 in this example).

A timeslot value of 1 of the table 1502 is allocated to the node 102 forframe reception from the node 101, for example. A timeslot value of 2 isallocated to the node 102 for frame transmission to the node 101. Avalue “*” of “Detailed Allocation” indicates that any node can be used.A timeslot value of 0 of the table 1502 can be used by any node 100 forframe reception from the node 101, for example. In the presentembodiment, an EB frame is assumed to be transmitted on the link that isthe Rx link and “Detailed Allocation” of which is “*” (that is, the linkwith the timeslot value 0 of the table 1502).

Information of “Detailed Allocation” is assumed not to be distributed bythe EE and to be set in advance or set in an out-of-band manner by meansof an upper layer protocol or the like.

In FIG. 15, the node 102 and the node 103 are allocated with onetransmission slot and one reception slot in 20 timeslots in theslotframe with the slotframe handle value 1. The node 104 is allocatedwith one transmission slot and one reception slot in 40 timeslots in theslotframe with the slotframe handle value 2. Note that, owing tointer-slotframe priority, a slot for transmission and a slot forreception of the node 102 are used for a slot for transmission and aslot for reception, respectively, of the node 104 once in two times.Consequently, a transmission timeslot of the node 102 is ASN mod 40=21,and a reception timeslot of the node 102 is ASN mod 40=22. Atransmission timeslot of the node 103 is ASN mod 20=4, and a receptiontimeslot of the node 103 is ASN mode 20=5. A transmission timeslot ofthe node 104 is ASN mod 40=1, and a reception timeslot of the node 104is ASN mod 40=2.

Any node 100 unconnected to the node 101 can obtain the TSCH MAC controlinformation except “Detailed Allocation” from the second beacon.Consequently, the authentication processor 204 of the node 100 uses atimeslot with a timeslot value of 3 of a slotframe with the slotframehandle value 1 the value of “Link Options” of which is Shared Tx and Rx(ASN mod 20=3) for the connection authentication.

As described above, in the first embodiment, the node already connectedto the object network acquires the MAC control information by the firstbeacon encrypted with the cryptographic key effective only for theobject network, whereas the node unconnected to the object networkacquires the MAC control information by the second beacon. Consequently,the connection authentication for the unconnected node can be performedwithout requiring the provisioning network while providing the safety ofcommunication for the already-connected node on the object network.

Modification 1

FIG. 16 is a diagram of an operation example when both the first beaconand the second beacon are the EB and the second beacon does not containinformation required only for the node already connected to the objectnetwork. FIG. 16 is a diagram schematically illustrating the MAC controlinformation transmitted by the second beacon of Modification 1. Thefirst beacon contains the same information as that in FIG. 15 of thefirst embodiment.

The EB for the second beacon contains only information about thetimeslot value 3 of the slotframe with the slotframe handle value 1 thevalue of “Link Options” of which is Shared Tx and Rx among the pieces ofinformation contained in the first beacon. The EB for the second beacondoes not contain information about timeslot values 1, 2, 4, and 5 of theslotframe with the slotframe handle value 1 and slotframe information onthe slotframe handle value 2. In place of not containing unnecessaryinformation, information in which the unnecessary information isreplaced with an invalid value may be contained.

Any node 100 unconnected to the node 101 can use the timeslot with thetimeslot value 3 of the slotframe with the slotframe handle value 1 thevalue of “Link Options” of which is Shared Tx and Rx (ASN mod 20=3) forthe connection authentication similarly to the case in FIG. 15 of thefirst embodiment.

As described above, in Modification 1, the node unconnected to theobject network cannot identify the link used only by the node alreadyconnected to the object network only from the information contained inthe second beacon. Consequently, in addition to an effect similar tothat of the first embodiment, resistance to a Denial-of-Service (DOS)attack can be improved.

Modification 2

FIG. 17 is a diagram of a configuration example when the second beaconis encrypted with a reliable public key or a secret key corresponding toa public key with a digital signature of a reliable certificationauthority affixed. The first beacon is assumed to be encrypted with acommon key similarly to the first embodiment and Modification 1.

In the present modification, the EB is used as the second beacon. The EBof the present modification contains “Public Key IE,” “Certificate IE,”and “Signature IE” in the part of “Header IE” not encrypted with CCM* asillustrated in FIG. 17.

“Public Key IE” contains a public key of the node 100 that hastransmitted the EB (an EB transmission node) “Certificate IE” contains acertificate of the EB transmission node (including the public key of theEB transmission node) issued by the reliable certification authority.“Signature IE” contains a value of a digital signature affixed using asecret key of the EB transmission node to the MAC payload.

When “Public Key IE” is contained, “Certificate IE” is unnecessary. Whenthe public key of the EB transmission node is distributed in anout-of-band manner, both “Public Key IE” and “Certificate IE” areunnecessary. The MAC payload may be encrypted using a secret keycorresponding to the public key of the EB transmission node.

As described above, the present modification can also encrypt the secondbeacon without using a preset group common key such as a default joinkey or an open join key. Consequently, influence when a communicationnode is cracked can be prevented from extending through the entireobject network. With this effect, in addition to an effect similar tothat of the embodiment, the safety of the object network can beimproved.

Second Embodiment

In a second embodiment, a beacon having a secure part encrypted with acommon key (secure information) and a non-secure part as plaintext(non-secure information) is used.

FIG. 18 is a diagram of a configuration example of a node 100-2according to the second embodiment. As illustrated in FIG. 18, the node100-2 includes the receiver 201, a beacon processor 202-2, and theauthentication processor 204.

The second embodiment is different from the first embodiment in that thebeacon processor 202-2 is included in place of the first beaconprocessor 202 and the second beacon processor 203. The other componentsand functionality are similar to FIG. 2 as the block diagram of the node100 according to the first embodiment and are attached with the samesymbols, and descriptions thereof will be omitted.

The beacon processor 202-2 accesses the object network using informationcontained in the beacon if a cryptographic key (a common key) for thesecure part has been obtained. The beacon processor 202-2 accesses theobject network using information contained in the non-secure part if thecryptographic key for the secure part has not been obtained. The beaconprocessor 202-2 thus executes the processing using the secure part andthe processing using the non-secure part in place of the processingusing the first beacon by the first beacon processor 202 and theprocessing using the second beacon by the second beacon processor 203,respectively.

When the cryptographic key for the secure part is obtained byauthentication processing, the beacon processor 202-2 decrypts theencrypted secure part using this cryptographic key.

FIG. 19 is a diagram of an example of a format of the beacon used in thesecond embodiment. In the second embodiment, the EB is used as thebeacon. Note that, in a part 1701 of “Header IE” as the unencryptednon-secure part, “TSCH Join Synchronization IE,” “TSCH Join Slotframeand Link IE,” “TSCH Join Timeslot IE,” and “Join Channel Hopping IE”having the same IE payload structures as “TSCH Synchronization IE,”“TSCH Slotframe and Link IE,” “TSCH Timeslot IE,” and “Channel HoppingIE,” respectively, of IEEE 802.15.4e-2012 are used. “TSCHSynchronization IE,” “TSCH Slotframe and Link IE,” “TSCH Timeslot IE,”and “Channel Hopping IE” are contained in a part 1702 of “Payload IE”and are encrypted.

The beacon of the present embodiment may periodically be transmittedsimilarly to FIG. 4 or transmitted as an on-demand beacon similarly toFIG. 5.

The node 100-2 that can access the object network accesses the objectnetwork using information contained in the secure part of the beacon ifthe cryptographic key for the secure part is provided. If thecryptographic key for the secure part is not provided, the node 100-2accesses the object network and performs connection authenticationthereto using the non-secure part of the beacon and acquires thecryptographic key for the secure part when succeeding in the connectionauthentication. Similarly, to Modification 1, the non-secure part doesnot necessarily contain information required only for the node 100-2connected to the object network.

As describes above, the second embodiment can transmit the informationcontained in the first beacon and the second beacon of the firstembodiment by one beacon. Consequently, in addition to an effect similarto that of the embodiment, a message number of the beacon can bereduced. Furthermore, although the beacon of the present embodiment islarger in message size than the case in which the first beacon and thesecond beacon are used, when error correction is performed, the effectof the error correction is relatively larger on the other hand.

As described above, the first and second embodiments use both two kindsof beacons or beacon payloads for which different security levels areused for the node already connected to the object network and the nodeunconnected thereto or encrypted with different cryptographic keys. Withthis configuration, the connection authentication for the unconnectednode can be performed without requiring the provisioning network whileproviding the safety of communication for the already-connected node onthe object network.

Next, the following describes a hardware configuration of thecommunication apparatus according to the first or second embodiment withreference to FIG. 20. FIG. 20 is an explanatory diagram of a hardwareconfiguration of the communication apparatus according to the first orsecond embodiment.

The communication apparatus according to the first or second embodimentincludes a control apparatus such as a CPU 51, storage apparatuses suchas a read only memory (ROM) 52 and a RAM 53, a communication I/F 54 thatconnects to a network to perform communication, and a bus 61 connectingthe respective parts with each other.

A communication program executed by the communication apparatusaccording to the first or second embodiment is embedded and provided inthe ROM 52, for example.

The communication program executed by the communication apparatusaccording to the first or second embodiment may be recorded and providedin a computer-readable recording medium such as a compact disc read onlymemory (CD-ROM), a flexible disk (FD), a compact disc recordable (CD-R),and a digital versatile disc (DVD), as an installable or executablefile.

The communication program executed by the communication apparatusaccording to the first or second embodiment may be stored in a computerconnected to a network such as the Internet and provided by beingdownloaded via the network. The communication program executed by thecommunication apparatus according to the first or second embodiment maybe provided or distributed via a network such as the Internet.

The communication program executed by the communication apparatusaccording to the first or second embodiment can cause a computer tofunction as the respective parts (the receiver, the first beaconprocessor, the second beacon processor, the authentication processor,and the like) of the communication apparatus. This computer can beimplemented by causing the CPU 51 to read the communication program outof the computer-readable storage medium onto a main memory.

While certain embodiments have been described, these embodiments havebeen presented by way of example only, and are not intended to limit thescope of the inventions. Indeed, the novel methods and systems describedherein may be embodied in a variety of other forms; furthermore, variousomissions, substitutions and changes in the form of the methods andsystems described herein may be made without departing from the spiritof the inventions. The accompanying claims and their equivalents areintended to cover such forms or modifications as would fall within thescope and spirit of the inventions.

What is claimed is:
 1. A communication apparatus comprising: a receiverconfigured to receive a first beacon transmitted over a wireless networkwhile being protected by a first common key and a second beacontransmitted over the wireless network while not being protected by thefirst common key; a first beacon processor configured to access thewireless network using information contained in the first beacon whenthe first common key is provided; a second beacon processor configuredto access the wireless network using information contained in the secondbeacon when the first common key is not provided; and an authenticationprocessor configured to perform connection authentication to thewireless network using information contained in the second beacon andacquire the first common key.
 2. The apparatus according to claim 1,wherein the second beacon is transmitted over the wireless network whilenot being protected.
 3. The apparatus according to claim 1, wherein thesecond beacon is protected by a second common key different from thefirst common key.
 4. The apparatus according to claim 1, wherein thesecond beacon is protected by a public key or a secret key of public keycryptography.
 5. The apparatus according to claim 1, wherein thewireless network is a wireless network compliant with IEEE802.15.4e-2012 Time-Slotted Channel Hopping (TSCH) Media Access Control(MAC), and the authentication processor performs connectionauthentication using a link that is a Shared Tx link and an Rx link ofIEEE 802.15.4e-2012 TSCH MAC.
 6. The apparatus according to claim 1,wherein the first beacon and the second beacon are periodicallytransmitted with a designated mixed ratio.
 7. The apparatus according toclaim 6, wherein the mixed ratio is changed in accordance with thenumber of apparatuses connected to the wireless network.
 8. Theapparatus according to claim 1, wherein the second beacon is transmittedin response to a transmission request of the second beacon.
 9. Theapparatus according to claim 1, wherein the second beacon does notcontain information required only for an apparatus for which connectionto the wireless network has been authenticated.
 10. A communicationapparatus comprising: a receiver configured to receive a beacontransmitted over a wireless network, the beacon containing secureinformation protected by a first common key and non-secure informationnot protected by the first common key; a beacon processor configured toaccess the wireless network using the secure information when the firstcommon key is provided and access the wireless network using thenon-secure information when the first common key is not provided; and anauthentication processor configured to perform connection authenticationto the wireless network using the non-secure information and acquire thefirst common key.
 11. The apparatus according to claim 10, wherein thenon-secure information does not contain information required only for anapparatus for which connection to the wireless network has beenauthenticated.
 12. A computer program product comprising acomputer-readable medium including programmed instructions that cause acomputer to function as: a receiver configured to receive a first beacontransmitted over a wireless network while being protected by a firstcommon key and a second beacon transmitted over the wireless networkwhile not being protected by the first common key; a first beaconprocessor configured to access the wireless network using informationcontained in the first beacon when the first common key is provided; asecond beacon processor configured to access the wireless network usinginformation contained in the second beacon when the first common key isnot provided; and an authentication processor configured to performconnection authentication to the wireless network using informationcontained in the second beacon and acquire the first common key.
 13. Acomputer program product comprising a computer-readable medium includingprogrammed instructions that cause a computer to function as: a receiverconfigured to receive a beacon transmitted over a wireless network, thebeacon containing secure information protected by a first common key andnon-secure information not protected by the first common key; a beaconprocessor configured to access the wireless network using the secureinformation when the first common key is provided and access thewireless network using the non-secure information when the first commonkey is not provided; and an authentication processor configured toperform connection authentication to the wireless network using thenon-secure information and acquire the first common key.
 14. A method ofcommunication comprising: receiving a first beacon transmitted over awireless network while being protected by a first common key and asecond beacon transmitted over the wireless network while not beingprotected by the first common key; accessing the wireless network usinginformation contained in the first beacon when the first common key isprovided; accessing the wireless network using information contained inthe second beacon when the first common key is not provided; andperforming connection authentication to the wireless network usinginformation contained in the second beacon and acquiring the firstcommon key.
 15. A method of communication comprising: receiving a beacontransmitted over a wireless network, the beacon containing secureinformation protected by a first common key and non-secure informationnot protected by the first common key; accessing the wireless networkusing the secure information when the first common key is provided andaccessing the wireless network using the non-secure information when thefirst common key is not provided; and performing connectionauthentication to the wireless network using the non-secure informationand acquiring the first common key.